Racket 中的 POST/GET 绑定
Racket 中是否有内置的方法来获取 POST/GET 参数? extract-binding 和朋友做了我想做的事,但附加了一个关于与文件上传相关的潜在安全风险的可怕注释,其结论是
因此,我们建议不要使用他们的 使用,但它们是为 与旧代码的兼容性。
我能想到的最好的办法是(请提前原谅我)
(bytes->string/utf-8 (binding:form-value (bindings-assq (string->bytes/utf-8 "[field_name_here]") (request-bindings/raw req))))
但这似乎不必要地复杂(而且它似乎会受到绑定部分中记录的一些相同错误的影响)。
是否有一种或多或少标准的、无错误的方法来获取 POST/GET 变量的值(给定字段名称和请求)?或者更好的是,一种以列表/散列/列表形式返回 POST/GET 值集合的方法?除了其中任何一个之外,是否有一个函数可以执行相同的操作,但仅适用于 POST 变量,而忽略 GET?
Is there a built-in way to get at POST/GET parameters in Racket? extract-binding and friends do what I want, but there's a dire note attached about potential security risks related to file uploads which concludes
Therefore, we recommend against their
use, but they are provided for
compatibility with old code.
The best I can figure is (and forgive me in advance)
(bytes->string/utf-8 (binding:form-value (bindings-assq (string->bytes/utf-8 "[field_name_here]") (request-bindings/raw req))))
but that seems unnecessarily complicated (and it seems like it would suffer from some of the same bugs documented in the Bindings section).
Is there a more-or-less standard, non-buggy way to get the value of a POST/GET-variable, given a field name and request? Or better yet, a way of getting back a collection of the POST/GET values as a list/hash/a-list? Barring either of those, is there a function that would do the same, but only for POST variables, ignoring GETs?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
extract-bound 不好,因为它不区分大小写,对于多次返回的输入来说非常混乱,没有处理文件上传的方法,并且自动假设所有内容都是 UTF-8,但这不一定是真的。如果您能接受这些问题,请放心使用。
当数据为 UTF-8 并且只有一个字段返回时,您编写的代码片段有效。您可以将其定义为一个函数,并避免多次编写。
一般来说,我建议使用 formlet 来处理表单及其值。
现在你的问题是……
“在给定字段名称和请求的情况下,是否有一种或多或少标准的、无错误的方法来获取 POST/GET 变量的值?”
你拥有的是标准的东西,尽管你错误地认为只有一个值。当有多个时,您需要过滤字段名称上的绑定。同样,您不需要将值转换为字符串,您可以将其保留为字节就好。
“或者更好的是,一种以列表/散列/列表形式取回 POST/GET 值集合的方法?”
这就是 request-bindings/raw 的作用。它是一个列表绑定吗?对象。由于返回多个值,将其转换为哈希是没有意义的。
“除了其中任何一个,是否有一个函数可以执行相同的操作,但仅适用于 POST 变量,而忽略 GET?”
Web 服务器向您隐藏了 POST 和 GET 之间的区别。您可以检查 uri 和原始发布数据来恢复它们,但您必须自己解析它们。我不推荐它。
杰伊
extract-binding is bad because it is case-insensitive, is very messy for inputs that return multiple times, doesn't have a way of dealing with file uploads, and automatically assumes everything is UTF-8, which isn't necessarily true. If you can accept those problems, feel free to use it.
The snippet you wrote works when the data is UTF-8 and when there is only one field return. You can define it is a function and avoid writing it many times.
In general, I recommend using formlets to deal with forms and their values.
Now your questions...
"Is there a more-or-less standard, non-buggy way to get the value of a POST/GET-variable, given a field name and request?"
What you have is the standard thing, although you wrongly assume that there is only one value. When there are multiple, you'll want to filter the bindings on the field name. Similarly, you don't need to turn the value into a string, you can leave it as bytes just fine.
"Or better yet, a way of getting back a collection of the POST/GET values as a list/hash/a-list?"
That's what request-bindings/raw does. It is a list of binding? objects. It doesn't make sense to turn it into a hash due to multiple value returns.
"Barring either of those, is there a function that would do the same, but only for POST variables, ignoring GETs?"
The Web server hides the difference between POSTs and GETs from you. You can inspect uri and raw post data to recover them, but you'd have to parse them yourself. I don't recommend it.
Jay